Document support for OMEMO & OpenPGP, add blogpost

Jesper Hess 2017-01-22 13:56:01 +01:00
parent 85dd36a1bf
commit 93a6fedc01
Signed by: graffen
GPG key ID: 351A89E40D763F0F
2 changed files with 30 additions and 2 deletions

@ -26,11 +26,17 @@ Simply add _username_@xmpp.dk in your client and click “register” or check t
The connection between your client and xmpp.net is encrypted using TLS. The server requires TLS connections to other XMPP servers. The connection between your client and xmpp.net is encrypted using TLS. The server requires TLS connections to other XMPP servers.
This means that if you can't connect to a friend, their provider is not configured to use TLS and the xmpp.dk server will refuse the connection. Your friend This means that if you can't connect to a friend, their provider is not configured to use TLS and the xmpp.dk server will refuse the connection. Your friend
should either convince their provider to enable TLS server-to-server connections, or switch to a provider that has proper encrypted transport support. should either convince their provider to enable TLS server-to-server connections, or switch to a provider that has proper encrypted transport support.
Since you can't (and shouldn't) trust your xmpp server, I require you always enable [Off-The-Record (OTR)][off-the-record] in your chat client. Since you can't (and shouldn't) trust your xmpp server, I require you always enable secure end-to-end encryption in your chat client. Supported modes are:
* [Off-The-Record (OTR)][off-the-record]
* [OMEMO][omemo]
* GPG
This will give you end-to-end encrypted chat that cannot be decrypted while in transit and, depending on the settings of your client, will not be logged on your local machine. This will give you end-to-end encrypted chat that cannot be decrypted while in transit and, depending on the settings of your client, will not be logged on your local machine.
## Federation ## Federation
xmpp.dk allows federated connections to all other *S2S TLS-enabled Jabber servers* so you can chat with anyone that has a Jabber account as long as their provider supports TLS and is configured correctly. xmpp.dk allows federated connections to all other *S2S TLS-enabled Jabber servers* so you can chat with anyone that has a Jabber account as long as their provider supports TLS and is configured correctly.
[jabber-clients]: https://xmpp.org/software/clients.html [jabber-clients]: https://xmpp.org/software/clients.html
[off-the-record]: https://otr.cypherpunks.ca/ [off-the-record]: https://otr.cypherpunks.ca/
[omemo]:https://conversations.im/omemo/
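Review bot: the new "Supported modes" list names its third option just "GPG" with no link, while the OTR and OMEMO items both link to a reference and the commit subject calls it OpenPGP; suggest naming it "OpenPGP (GPG)" and giving it a reference link like the other two. The added `[omemo]:https://conversations.im/omemo/` definition also lacks the space after the colon that the `[jabber-clients]` and `[off-the-record]` definitions use. Since the sentence now says end-to-end encryption is required, it would help to state what the server does with a message that is sent without it.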

@ -0,0 +1,22 @@
---
title: OMEMO, OTR and GPG suppprt
layout: post
---
The XMPP foundation has begun standardizing the [OMEMO end-to-end encryption protocol][omemo-xep]. Therefore,
I decided it would be a good time to include support for this interesting new protocol on the xmpp.dk server.
In practice, this means I have installed a new plugin, mod_e2e_policy, which enables support for the three major
e2e encryption standards on XMPP nowadays, namely OTR (which you already know quite well), OMEMO and OpenPGP/GPG.
OMEMO provides several advantages over OTR. Among other things, it supports offline messages, group chats (which means
I can also start looking into enabling MUC conferences on the server at some point) and also it does away with
user-based fingerprints and instead uses device-based keys. This is especially useful if you're connected on multiple
devices simultaneously. As you know, this was problematic with OTR, but with OMEMO you can get end-to-end encryption
on all of your devices and hopefully never lose a message.
As always, if you have any trouble or want to ask questions, you can always [contact me directly](/contact/) over Jabber
or you can reach out on our [Twitter][twitter].
[omemo-xep]:https://conversations.im/omemo/
[twitter]:https://twitter.com/xmppdk
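Review bot: the front-matter title reads "OMEMO, OTR and GPG suppprt"; "suppprt" should be "support". The `[omemo-xep]` reference is attached to the sentence about standardizing the protocol but points at https://conversations.im/omemo/, the same URL as `[omemo]` in the other file; if the intent is to cite the XEP, link the specification itself. The post also says mod_e2e_policy "enables support for" OTR, OMEMO and OpenPGP/GPG, while the other file says encryption has to be enabled in the chat client; one sentence on what the plugin does on the server side would remove the ambiguity.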